Privacy Statement

Information on who we are

Aptiv Global Operations Limited and its affiliates (“Aptiv”) as a Data Controller and business is committed to protecting the privacy and security of your Personal Data. “Affiliates” includes all entities controlled by, under common control with, or controlling Aptiv Global Operations Limited, provided that control will mean direct or indirect control or ownership of more than 50% of the voting stock or equity of such entity. Aptiv Global Operations Limited is an Irish company with its registered office at 5 Hanover Quay, Grand Canal Dock, Dublin, D02 VY79, Ireland.

 

Scope of this Privacy Statement

At Aptiv, we care about the protection and privacy of your Personal Data (also referred to as Personal Information).

The Aptiv website is one of our primary channels of communication providing information on our company, products, programs and services. This Privacy Statement applies when you visit our Aptiv.com website, including if you have been directed to this site, or when you contact us with a comment, inquiry or customer support request through this site. By using or accessing this site, or contacting us, you agree that we may process your Personal Data in the manner described in this statement. It is important that you read this statement so that you are aware of how and why we are using your information. If you have any questions about this statement or how we handle your Personal Data, or if you are contacting us to fulfil a Data Subject/Consumer Access request, contact us here.

Personal Data collected about you in connection with other Company websites, products, services or mobile applications (including those made available to you by our group companies) may be covered by different Privacy Statements. It is important that you read this Privacy Statement together with any other Privacy Statements or other Notices we may provide to you.


The kind of Personal Data we process 

Personal Data means any information about an individual from which that person can be identified.

When you avail of our services, or purchase Aptiv products, we may collect, store, and use the following categories of Personal Data about you: 

  • Identification and contact information – such as first name, last name, username or similar identifier, title, company/organization name, job title, date of birth, postal address, unique personal identifier, online identifier/IP address, account name, signature, password, characteristics or description, address, and telephone number.
  • Payment information – name, bank account number, credit/debit card number, card issuer and card type, card expiration date, CVV code, any other financial information, and billing address.
  • Characteristics of protected classifications/Special categories of Sensitive Personal Data – such as information about your: genetic data; ethnicity/race; political opinions; religious/philosophical beliefs; sex life/orientation; trade union membership; migration information; biometrics; criminal data; children’s data; precise geolocation, and your health, including any medical condition, where you disclose those details to us so that we can accommodate any special requirements you may have when you avail of our services including to comply with our legal obligations.
  • Commercial purchase and order information – such as details about payments to and from you, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies,
  • Preference information – such as your account settings and your interests and preferences in receiving marketing and communication messages from us and our Third Parties,
  • Internet or other electronic network activity - such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Geolocation data – such as including general location information while using one of our apps.
  • Audio, electronic, visual, thermal, olfactory, or similar information - Personal Data footage recorded for security, health and safety, events or product development purposes,
  • Interaction and Usage Data – when you interact with us we will record details of those interactions (for example, phone calls, e-mail correspondence and hard copy correspondence as well as information on how you use our website, products and services). If you make a complaint we will process details concerning that complaint.
  • Mandatory Data – ddata that is mandatory for us to collect to comply with certain legal and regulatory obligations that apply to our business.; 


How We Obtain Your Personal Data

We only collect, process, retain or share the minimum amount of Personal Data required to fulfil a specified and legitimate purpose.

The Personal Data we obtain from you is dependent on your interactions with us. We may obtain your data either directly or indirectly.

Directly, when you:

  • Create an account or visit our website,
  • Subscribe to, or apply for, our products, services or publications,
  • Purchase or use our products and services,
  • Complete our administrative forms on our website or contact us in any other different ways,
  • Are captured during the course of our product and service development (which might include street-view data or video data collected in public spaces),
  • Request further correspondence from us or correspond with us by post, telephone, email or otherwise.
  • Request samples of our products,
  • Request particular marketing messages to be sent to you,
  • Enter a competition, promotion or survey,
  • Give us feedback,
  • Participate in research and development of our product and services,


Indirectly, through:

  • Cookies, server logs and other similar technologies on our website (we may collect Technical data about your equipment, browsing actions and patterns etc, based on your Cookie selection. Please see our cookie policy for further details,
  • Our website technology’s interaction with your browser or devices,
  • Technical Data provided by Third Parties such as Analytics Providers.


Purposes for Collecting Your Personal Data

The purposes for which we might collect Personal Data about you include the following:

  • To identify you personally or to verify your identity,
  • To process your orders for goods or services from us,
  • To deliver our services/products to you,
  • To register and process your warrants for our products and services,
  • To facilitate payments for our products and services,
  • To carry out transactions you have requested,
  • To answer your queries in relation to our products and services,
  • To facilitate and register you for certain products, events or services which require registration,
  • To administer and protect our business and sites – including site troubleshooting, system maintenance, support, reporting and data hosting,
  • To perform business analyses, or for other purposes that help us to develop and improve the quality of our business, sites, products and services (including new products and services, and future innovation), for example, by customizing our sites to your particular preferences or interests,
  • To market our relevant products and services which might be of interest to you in accordance with applicable laws and regulations. You are able to opt-out from marketing communications sent via e-mail at any time, free of charge by using the “unsubscribe” link in any e-mail marketing materials you receive from us, or by contacting us here.
  • To conduct research and analysis of your product and service preferences so we can identify products and services that best meet your requirements and tailor our marketing and advertising messages accordingly,
  • To detect, prevent and respond to fraud, intellectual property infringement, violations of our terms and conditions, violations of law or other misuse of our assets,
  • To comply with regulatory, legislative or statutory obligations, which vary in regions (for example, tax, law enforcement directives, court orders, subpoenas, etc),
  • To fulfil any of the purposes associated with or related to the above purposes,
  • To serve other purposes for which we provide specific Notice at the time of collection, or as otherwise authorized or required by law.

Where permitted by law, we may combine the information that we collect via our sites with other information we hold about you (such as information about your use of our products and services) in order to offer you an improved and consistent customer experience when interacting with us or for other purposes set forth in this statement.


Our Lawful Bases for Processing your Personal Data

According to applicable law, each process that involves Personal Data must have a ‘lawful basis’. Identifying the correct lawful basis helps to ensure that Personal Data is used in line with applicable law.

Our lawful bases for processing your Personal Data will be appropriate for the purpose of processing, and the type of data involved. We process your Personal Data when it is necessary for:

  • The performance of a contract, or prior to entering a contract, to which you are party,
  • Carrying out our organization’s legal and compliance obligations, including the establishment, exercise or defense of legal claims,
  • The performance of tasks to which you have given us your consent,
  • Carrying out tasks that are in our legitimate interests or that of a Third Party,
  • Protecting your vital interest or that of another person,
  • The performance of a task carried out in the public interest.


How we use particularly Sensitive Personal Data and our Lawful Bases for Processing

Depending on your jurisdiction, the use of some Special Categories of Sensitive Personal Data is further protected by law, and can only be processed insofar as necessary and legally permitted, or in exceptional circumstances.

This includes Personal Data relating to: health, genetics, ethnicity/race, political opinions, religious/philosophical beliefs, sex life/orientation, trade union membership, migration information, biometrics, criminal data, children’s data) require higher levels of protection. In some jurisdictions, such Sensitive Personal Data may also include: Criminal information; Children’s data; National/Govt Identification (e.g. Social Security Number, Driver’s license, State Identification card, or Passport number); account log-in, financial account, debit card or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation.

We may process such Personal Data in limited circumstances. The lawful basis of processing this data will vary depending on jurisdiction, and the purpose of processing: it may be based on your explicit consent, or where we need to carry out our legal obligations or in relation to legal claims, or where it is needed in the public interest. Less commonly, we may process this type of data where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

We may use information about your physical or mental health or status, to ensure your health and safety when you are availing of our services and to ensure that we comply with relevant applicable legislation. Your Sensitive Personal Data will not be used for any additional purposes that are incompatible with the purposes listed in this Privacy Statement unless we provide you with Notice of those additional purposes.


California Business Contact Information

If you are a California resident and we receive your Personal Information in the form of contact details from business events, for example as part of a business appointment (e.g. by exchanging business cards) or as part of any other form of collaboration, we may use your contact and business details to maintain our business contacts. For this purpose, we may transfer your contact details to our internal database. Pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”), you have privacy rights with respect to your business contact Personal Information.

The processing activity may include the following data categories:

 This data processing is based on our legitimate business interests. We have a legitimate economic interest in maintaining contacts beyond the initial context and Internal in using them to establish and develop a business relationship and to remain in contact with the parties concerned.

Such business contacts could also be easily processed in our email communications with you and then kept in typical business software, either centrally or on the electronic devices of our employees. 

We do not sell or share any of our data subjects’/consumers’ Personal Information, as defined by the CCPA; in the preceding twelve (12) months, we have not sold or “shared” any Personal Data, as “shared” is defined under the CCPA.


Automated decision-making

Automated decision-making takes place when an electronic system uses Personal Data to make a decision without human intervention.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.


Marketing

We may contact you by mail, email, telephone or social media about our products and services and other events which might be of interest to you.

You have the right to ask us to stop processing your Personal Data for direct marketing purposes. If you wish to exercise this right, you can click unsubscribe from the bottom of the email received or please submit a request through the link here.


Data sharing

We will disclose or share your Personal Data with Third Parties where it is necessary to perform our contract with you, where we have another legitimate interest in doing so or where it is required by law.

We will disclose your data with trusted Third Party service providers. We may also disclose your Personal Data with other Third Parties, for example, in the context of a transfer of our statutory functions or with a regulator or to otherwise comply with the law.

All our Third Party service providers are required to take appropriate security measures to protect your Personal Data based on the associate risks including proper access controls. They will only process your Personal Data on our instructions and are subject to a duty of confidentiality. We require Third Parties to respect the security of your data and to treat it in accordance with the law.


Cross Border Transfers of Data

We may be required to transfer your Personal Data across International borders, in line with applicable law. To ensure that International Transfers of Personal Data are adequately protected, we have put in place appropriate safeguards with our group companies, service providers, contractors, distributors, business partners and agents. We take appropriate Contractual, Technical, Organisational measures, and conduct Transfer Impact Risk Assessments, as required, to protect your Personal Data and Your Rights. For International Data Transfers, we comply with the requirements of applicable law, including safeguards such as Standard Contractual Clauses (SCCs) where required (e.g. for transfers of EU Personal Data outside of EU (and areas deemed to provide Adequate Protection), in accordance with Article 46(2) of the GDPR). For more information on the appropriate safeguards in place to protect your Personal Data, you may contact us via the Contact details in this Privacy Statement.


Retention of Personal Data

We will retain your Personal Data only as long as necessary to fulfil the purpose(s) for which it was collected, or as required by law. We retain your Personal Data in accordance with applicable laws and our Records Retention policy and Schedule. Otherwise, we aim to keep our files current and will make reasonable efforts to remove Personal Data that is no longer relevant for the purposes for which it was collected.

In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may use such information without further Notice to you.


Security and protection of Personal Data

Aptiv is committed to safeguarding the security and protection of your Personal Data, via a system of governance, policies and processes, and have dedicated Privacy and Security teams to manage risk and implement controls. We have implemented appropriate security measures in order to protect your Personal Data from unauthorized access, use, copying, modification, disclosure, destruction and alteration. We abide by the key principles of Data Protection and Privacy in our Personal Data collection and handling, namely: accountability; lawfulness, fairness and transparency; data minimisation; purpose limitation; storage limitation; managing the confidentiality, integrity and accuracy of Personal Data.


Data Subjects’ Rights in Relation to the Processing of Your Personal Data

In accordance with applicable law, in certain circumstances, you have the following rights with regard to the processing of your Personal Data:

  • The right to request access to your Personal Data.
  • The right to be informed about how your data is processed.
  • The right to request correction/rectification of the Personal Data that we hold about you.
  • The right to request erasure/deletion of your Personal Data.
  • The right to object to processing of your Personal Data.
  • The right to request the restriction of processing of your Personal Data.
  • The right to request the transfer of your Personal Data to another party.
  • The right to opt-out of sale of your Personal Data.
  • The right to non-discrimination for exercising your rights.
  • The right to request disclosure of categories of information collected, sources we collected it from, the commercial purpose for collecting it, categories of Third Parties whom we shared it with, categories of information disclosed for business purposes and categories of information sold about you.
  • The right to withdraw your consent at any time, where you may have provided it for the collection, processing or transfer of your Personal Data for a specific purpose.


Exercising Your Rights

You may exercise Your Rights via our online form here. In some jurisdictions, you may also designate an authorized agent to make a request on your behalf. The response time for Data Subject Rights Requests varies depending on your jurisdiction and applicable law. If we require more time to respond to your Request, we will inform you.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is deemed to be unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

When you exercise these rights and submit a request to us, we or our partners may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). We will verify your identity by asking you to authenticate your identity via standard authentication procedures. For example, where relevant we may ask for your email address, order numbers of previous orders of our products and services, the last four digits of a credit or debit card or bank account number used to make a purchase, or the date of your last purchase from us. We also may use a third-party verification provider to verify your identity. These measures are another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

When you exercise Your Rights, we will not discriminate against you in any way. For example, we will not deny you goods or services, charge you different prices or rates for goods or services, deny you discounts or other benefits or impose penalties on Internal you, or provide you with or suggest that you will receive a different level or quality of goods or services.

California residents have the right to opt out of the selling and sharing of their Personal Data and to limit the use of their sensitive personal data. However, we do not sell or share Personal Data, and we do not use Sensitive Personal Data for any additional purposes that are incompatible with the purposes listed in this Privacy Statement, unless we provide you with Notice of those additional purposes.


Children

This website is not designed for children and is not intended to appeal to children. Aptiv does not knowingly collect data from children. If you are under 16 years of age, please do not use this website.


Complaints

Depending on your jurisdiction, you also have a right to make a complaint at any time to your local Data Protection Supervisory Authority (find a list of EEA Authorities here). Aptiv Global Operations Limited is an Irish Company, and it’s lead EU Regulator is the Irish Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD 28, Ireland or by e-mailing info@dataprotection.ie.


Changes to this Privacy Statement

We reserve the right to update this statement at any time. We may also notify you in other ways from time to time about the processing of your Personal Data. If you have any questions about this statement, please submit a request through the link here.

Last Updated: 23 August 2024